Logstash service will not stay on

[cgutierr]

So, I copied what was is the file 99-nagioslogserver.conf file and appended it to the rsyslog.conf file and then restarted rsyslog.

I am using the defauly logstash configs 000_inputs.conf, 500_filters.conf, and 999_outputs.conf. I have setenforce set to 0 and iptables off.

[hsmith]

Is it possible the logs are showing up in the 'future' ?

On your dashboard, in the upper right can you change the 'A month ago to a few seconds ago' to some crazy time range in the future using the custom button? Sometimes there's some weirdness about timestamps.

[cgutierr]

Yeah, that worked! Sweet! How do we fix the issue with the timestamps?

[hsmith]

Can I see a screenshot of one of the logs with any sensitive information obfuscated?

[cgutierr]

Unfortunately, I cannot. Is there anything in particular you are looking for?

[hsmith]

I wanted to see what the timestamp differences look like. Specifically the message field, and any field with the word timestamp in it/any field that relates to time.

Here are some links for reference to what's going on: https://discuss.elastic.co/t/timestamp- ... ture/29421
https://support.nagios.com/forum/viewto ... 37&t=34084

[cgutierr]

Basically, the timestamp value on the left column is correct but when you expand the message, the timestamp value inside the message is about 7 hours off.

[jolson]

Please read through the following document to learn about how dates work with relation to Nagios Log Server: https://www.elastic.co/guide/en/logstas ... -date.html

I am betting that either:

1. Your system time is off

2. You have a syslog input or a date filter that is re-doing the time of your inbound logs.

In either case, reading the above article will be useful. Let me know if you have any questions about it!

[cgutierr]

Can you please close thread.